Lucideus, a 4 year old cyber-security start-up is launching a Secure Digital India campaign. The company plans to go across 50 colleges in the country and give free seminars to students on ethical hacking, new trends in hacking, online identity theft and how one can protect themselves. Rahul Tyagi, VP – Training, Lucideus, talks in detail about securing digital India, in an interaction with Ekta Srivastava, Health Technology
Kindly elaborate more on Lucideus!
We are a 4 year old cyber-security firm and today we can proudly say that we have worked with some of the biggest clients in India and abroad. Few of the clients we have worked with in India are ICICI Bank, Tata Sky, Indigo, Standard Chartered, Coco Cola and much more. We have been incubated from SINE, IIT Bombay in the year 2013.
We are an IT Risk Assessment and Digital Security Services provider. We build and deliver information security platforms and services, both generic and customized to pro actively secure, continuously monitor and reactively respond to cyber threats of our client’s technology stack. Our objective is quantify digital risk to inculcate a knowledge-based culture of safe and secure use of technology, such that risk becomes an informed business decision leading to minimal disruptions to your business and life.
We bucket our services into three categories
- Pro Active Security
- IT Security Maturity Assessment with Regional Regulatory Compliance Management-
An assessment of your overall digital stack across people, process and technology to assess & evaluate your IT security maturity scorecard.
- IT Governance Policy Formulation –
Creating and updating governance policies in line with global best practices and regional & industrial regulatory compliances.
- Information Security Training & Capacity Building –
Training sessions ranging from generic awareness sessions to highly technical deep dive hands on technology security workshops.
- Continuous Security
- Application Vulnerability Management –
Continuous application security assessment for your thick client, web and mobile applications.
- IT Infrastructure Vulnerability Management –
Continuous infrastructure security assessment for assessing and monitoring your external perimeter along with internal network.
- WISE SOC –
SOC services for your internal and external security tools to extract actionable intelligence from the events and logs.
- Reactive Security
- Emergency Response –
If you are you hacked or something business critical down, our experts help you with a speedy recovery to BaU with root cause identification.
- Cyber Forensics –
An array of cyber forensic services where you get to use the tools from the best OEMs from around the world without setting up your lab.
- Fraud Analysis –
Fraud investigation of an internal / external incident where we deploy our forensic tools to try and identify the source and methodology of execution.
Rise of cyber-security in India?
Cyber-security has emerged as a very critical sector in the last decade and this has largely been led by the rising amount of cyber crimes not only in India, but globally. According to an Assocham study, the reported number of cyber attacks during 2011, 2012, 2013 and 2014 stood at 13,301, 22,060, 71,780 and 1,49,254 respectively and these are only reported figures, the actual numbers will be way too high.
Even as Indian enterprises are increasingly going online, there has been a notable uptick in the number of attacks, especially targeting the small and medium businesses as most of them are not well protected. According to a recent report by security software firm Symantec, November 2015 was most vulnerable month for India Inc when, on an average, 2.5 targeted attacks took place every day. With the recent hacks coming into light, such as the fappening series (iPhone Cloud Hacks), Snapchat hacks, Dropbox, Gmail and other banking data leaks has created a terror in the mind of the people.
Today, hackers are a step ahead and you need trained professionals to be able to find the loopholes and fix them. From ATM pin overlay skimming devices made almost a decade back to 3D printed skimming devices placed at fake ATMs, we have come a long way in terms of maturity in the ways of card skimming. You get over 3,500 results on Alibaba for the term “card skimmer” make it extremely easy for literally anyone to acquire a state of the art skimming equipment. There are dozens of credible underground forums for carding where these skimmed credit card numbers are sold in bulk – the average pricing being 2-3 USD depending on the issuer – Visa, Master Card or AmEx – reduces your chances significantly of being caught by the law enforcement. On the other side, while purchasing the data on these forums, these days you also get the option of sorting the card data according to Zip Codes such that the buyer can locally use the card where it actually belongs without raising any red flags.
As an industry, cyber-security is going to be critical in the next few decades and only going to rise from here.
With the launch of Digital India, the critical need of cyber-security
Our honorable Prime Minister during the launch of the Digital India campaign had cited the importance of cyber-security and that he envisaged it to be an integral part of India’s national security. Yes, with everything moving digital, cyber-security has become increasingly important. Internet users in India that has crossed 400 million this year, has been accompanied by growing cyber crimes—culminating in a 19 times increase over the last ten years as per a report by IndiaSpend.
Today, with the government pushing every industry to become digital, cyber risk is also increasing. Imagine the banking sector, it is pre-dominantly moving towards the online banking, net banking segment and a hacker can easily get through to the payment gateway if the server is not secure. Similarly, lets’ consider the healthcare sector. Today there are multiple applications which provide the doctor with critical information about the patient, before even the doctor attends him or her, now if this is hacked, the person will have information to all the patients the doctor has attended.
You can hence understand the need of cyber-security in this growing digital era.
How the company plans to directly contribute to the success of Digital India through its new campaign ?
We very recently launched a campaign named #SecureDigitalIndia wherein we plan to reach out to more than 50 colleges across the country and give free seminars to the students. The idea of the campaign is to raise awareness amongst the student community and also give them a direction in terms of specializations and other key skills needed to get into this sector.
One of the biggest challenges in the cyber-security industry today is the lack of skilled professionals. Various reports have found that there is a major gap in terms of what the industry needs and what our academia is producing. Through our campaign, this is where we think we can play a big role.
The cyber-security industry is very versatile and a quick changing industry. What was known can become obsolete within a span of couple of minutes. As a result of which, our expertise and knowledge from being in the industry helps us be more updates about both technology and what is happening in the industry and we devise our seminar and workshops module accordingly.
We have given trainings to private companies, government of India employees and students. So we thought, we could take this expertise and go to colleges and give the students a platform, give them a sense of how the industry is shaping up and how they can be a part of this evolving industry.
What are the top cyber crimes in healthcare that you have witnessed?
Health care industry is growing at a fast pace and as we know everything today is running on computers and mobility devices. Be it medical devices or automated health monitoring machines, all are running on some kind of software, and from an information security professional’s perspective, I must say every software is vulnerable and can be hacked, if it’s not developed with global security standards of compliance with respect to that industry. For example, in the medical industry HIPPA is the compliance standard. Recently many global medical machines were targeted by cyber criminals with a new type of malware known as Ransomware, this type of malware is designed to lock down the medical equipments running with software and to unlock it you have to pay ransom to cyber criminals in Bitcoins(Virtual Currency which is almost untraceable, used by cyber criminals all around the world). If you decide not to pay them, they will insert the malware which will delete and damage the entire application software which is responsible for running the medical device.
Now more we are depending on technology and we have to bare the risk of being pawned by cyber criminals who are looking for new opportunities to extract money. One reason why healthcare industry is a very lucrative target for cyber criminals is the availability of lucrative data and the hospitals need to act quickly in order to secure the data back and this gives the attackers an opportunity to ask for huge ransoms.
In the last couple of years, organizations such as Anthem, Premera, Excellus, UCLA Health, and CareFirst have announced major data breaches, bringing the five year total of compromised patient records to more than 143 million. Ponemon Institute research finds that victims of medical identity theft spend an average of $13,500 to restore their healthcare records, remedy their credit and reverse fraudulent claims.
What types of attacks are most common?
Cyber attacks are of many types, but these days organized criminals gangs are targeting web applications, especially websites which carry users’ financial information like debit and credit card details. Cyber attacks in past was mainly targeted on defacement where attackers deface the website by putting a scary message on the main page of websites, but these days cyber criminals are more interested in the database having financial information as mentioned above.
On the other hand smart phones are one of the more popular devices that cyber criminals are targeting , once they get access to a compromised smart phone, they can have entire access of the phone remotely. They can see SMS, Images, Videos, Calls, Emails and access the camera and so on. Once they have this access they can also bypass the two step verification which is considered an increased security measure.
Another popular form of attack is on e-Wallets as many players in market are launching their own wallet solutions. Criminals are now shifting their attention to this segment and if they find vulnerabilities in e-wallets, they can perform number of attacks through wherein they can transfer money from one wallet to another.
What makes healthcare data so wide open for cybercrime? Is this an issue that is worse than ever before?
There are multiple reasons. Historically, this sector hasn’t been extremely secure and this gives the cyber criminals an edge. Also as mentioned earlier, the data of patients is ever so critical for the hospitals and once the attack happens, they organization is looking at every possible way to get the data back and here most of them fall prey to ransoms.
Today the healthcare sector has also made a significant shift when it comes to usage of technology and building a digital presence. In the backdrop of this, it is highly prone to cyber-attacks.
The awareness for cyber-security is also not high which is another challenge.
What prevention methods can organizations take?
Every organization works on three pillars – Process, Technology and People. Process is the compliance with respect to your industry which an organization follows. Technology is divided into two parts – website and network which to an extent can be secured with proper validations being deployed.
The biggest problem which organization must pay attention is on people. The myth about having latest technology to protect their critical infrastructure are not going to help any organization unless, people who are working on that technology are aware about cyber attacks and different ways of hacking. As a result of which organizations must organize a quarterly or yearly training program for people to understand and learn cyber attacks and protection methods, because once you know how attacks are done practically, you will understand how you can secure too.
We can patch every technology flaw but there is no patch for human error, but we can at least try to train our employees to reduce the possibility.